Privacy & PETs Simone Fischer-Hbner SWITS PhD course, 2012 1 st - - PowerPoint PPT Presentation
Privacy & PETs Simone Fischer-Hbner SWITS PhD course, 2012 1 st Session, 3rd May 2012, KTH Overview I. Privacy - Definition II. EU Directives & Basic Privacy Principles III. Privacy Issues (LBS, Social Networks, RFID...) IV.
Simone Fischer-Hübner
SWITS PhD course, 2012 1st Session, 3rd May 2012, KTH
I. Privacy - Definition II. EU Directives & Basic Privacy Principles
RFID...)
V. Mix-nets
“Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others”
Informational self-
determination
Spatial privacy
Objective:
Protection of fundamental rights, freedom of individuals
Harmonsation of privacy legislation in Europe
Scope (Art. 3): applies to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system.
Personal data: any information relating to an identified or identifiable natural person ('data subject')
Does not apply for data processing for
defense, public/state security, criminal law enforcement purely private or household activity (”household exemption”)
implemented in EU-Directive 95/46/EC
Legitimisation by law, informed consent
(Art. 7 EU Directive)
I c,e)
& anonymised as soon as possible
Purpose specification and purpose
binding (Art. 6 I b)
Lidl Video Monitoring Scandal
data” (Art. 8)
Transparency, rights of data subjects
to be informed (Art.10) to be notified, if data have not been obtained
from the data subject (Art.11)
of access to data (Art.12 a) of correction of incorrect data / erasure or
blocking of illegally stored data (Art.12b)
to object to direct marketing (Art.14)
(Art.17)
Restricted personal data transfer from
EU to third countries (Art. 25)
regulations
Policy is not directly accessible and website did actually not exist! Purpose not well specified Is it necessary to publish photos to the whole world (instead of having restricted access for parents, students,
Privacy Principles in Practice
(Art.5):
No interception/surveillance without the data
subject’s consent
Protection against cookies, spyware, web-
bugs (“right to refuse”)
Must be erased or made anonymous upon
completion of transmission
Processing for billing purposes permissible Processing for the purposes of value added
services/marketing with the consent of the subscriber/user
(Art.9):
May only be processed when made anonymous, or
with the informed consent of the user/subscriber
Where consent has been obtained, the user/subscriber
must still have possibility of temporarily refusing the processing of location data
Problem: Also Location Data within Traffic Data can be very sensitive
Opt-in system for electronic mail for direct marketing (so-called “spam”) Problem: US American CAN-SPAM Act of 2003 requires only Opt-out system, no SPAM legislation in most countries
Directives 2002/58/EC and 2006/24/EC
Art.15 of EU-Directive 2002/58/EC:
allows member states to adopt laws for data retention for
safeguarding security, defence, law enforcement
Data Retention Directive 2006/24/EC:
Requires telco companies to retain traffic and location data for 6-24
months
Problems/Questions:
Appropriate ?
Threat to online privacy: Traffic data contains mainly ”fingerprints”
Criminals find ways ”around”
Will anonymisation service providers be forced to collect
more data than they would normally collect ?
Enacted on 18 Dec 2009, to be
implemented by June 2011
Main changes:
Privacy Breach Notification Requirement to implement a security
policy, adopt measures to restrict access to personal data, and to protect against data breaches
More strict SPAM legislation Consent for the placement of cookies
(Data Protection Regulation proposed 25 January 2012)
Single set of data protection rules, valid across the EU, and if data are processed abroad by companies active in the EU
”Right to be forgotten”
Right to ”data portability”
Easier exercising of data subject rights (electronically, in relation to all recipients)
Explicitly given consent, more transparency of data handling, easy-to-understand policies
Increased accountability, privacy breach notification, higher penalites (up to 2% of global annual turnover)
Privacy impact assessment (PIA)
Privacy by Design (PbD), Privacy by Default
Global networks, cookies, webbugs, spyware,... Location-based Services (LBS) Ambient Intelligence, RFID... Cloud Computing Social Networks Smart Grids Video Surveillance
Unsolicited tracking of user’s
position, movements
Unsolicited Profiling Disclosure of the user’s
current context
Disclosure of social networks
Source: Lother Fritsch & Rannenberg, GUF
Picture source: Wikipedia
Each electrical appliance has its
Provides information about when someone is at home, cooks, watches TV, takes a shower, etc.
Allows real-time surveillance
Of interest for burglars, insurance companies, law enforcement,…
Source: Smart Metering & Privacy, Elias Leake Quinn, 2009
1500 Euros in wallet
Serial numbers: 597387,389473 …
Wig
model #4456
(cheap polyester)
30 items
Das Kapital and Communist- party handbook Replacement hip
medical part #459382
Here’s
in 2020…
Source:Ari Juels, RSA Laboratories
Wig
serial #A817TS8
his identity
RFID tags
via RFID
Intimate personal
details about social contacts, personal life, etc.
The Internet never
forgets completely....
Not only accessible
by ”friends”
Social Network Analysis/Profiling by:
Art.29 Data Protection Working Party –
Opinion 5/2009 on online social networking
Who is the data controller?
SNS providers
Users ?
No: if ”household exemption” applies Yes:
If SNS is used beyond a purely personal/houshold activity (e.g., as a collaboration platform for a company)
When access to profile information extends beyond self-selected ”friends” (e.g., access is given to all SNS members) – unless exemptions apply for journalistic purposes
What are obligations of data controllers?
Appropriate technical and organisational security measures
SNS should offer privacy-friendly default settings
Informed consent by other individual concerned
Information to be provided by SNS
Information about the SNS identity, purposes (Art.10 EU Directive) SNS users should be advised by SNS to obtain informed consent before
uploading information/pictures about others
Law alone is not sufficient for protecting
privacy in our Network Society
PETs needed for implementing Law PETs for empowering users to exercise
their rights
(-> Art. 6 I c., e. EU Directive 95/46/EC) (providing Anonymity, Pseudonymity, Unobservability, Unlinkability)
(-> Art. 17 EU Directive 95/46/EC)
Anonymity: The state of being not
identifiable within a set of subjects (e.g. set
Source: Pfitzmann/Hansen
Unobservability ensures that a user may use a
resource or service without others being able to
used
Source: Pfitzmann/Hansen
Unlinkability of two or more items (e.g., subjects,
messages, events):
Within the system, from the attacker’s perspective,
these items are no more or less related after the attacker’s observation than they were before
Unlinkability of sender and recipient (relationship
anonymity):
It is untraceable who is communicating with whom
Pseudonymity is the
use of pseudonyms as IDs
Pseudonymity allows
to provide both privacy protection and accountability
Person pseudonym Role pseudonym Relationship pseudonym Role-relationship pseudonym Transaction pseudonym L I N K A B I L I T Y
Source: Pfitzmann/Hansen
A N O N Y M I T Y y
Source: Pfitzmann/Hansen
Alice Bob
But now the remailer knows everything!
Bob, r3, msg
Alice Bob A3, r2 Bob, r3, msg K3 K2 Bob, r3, msg K3 msg Ki: public key of Mixi, ri: random number, Ai: address of Mixi K3 A3, r2 A2, r1 K2 K1 Mix 1 Mix 2 Mix 3
Input Message Mi
Ignore repeated messages Buffering messages in batch Sufficient messages from many senders ? Recode *) Reorder
Output Message Mi+1 to Mixi+1
Message DB
*) decrypts Mi = EKi[Ai+1, ri, Mi+1] with the private key of Mixi, ignores random number ri,
Input Message Mi
Ignore repeated messages Buffering messages in a batch Sufficient messages from many senders ? Recode *) Reorder
Output Message Mi+1 to Mixi+1
Message DB
*) decrypts Mi = EKi[Ai+1, ri, Mi+1] with the private key of Mixi, ignores random number ri,
Prevents replay attacks
Input Message Mi
Ignore repeated messages Buffering messages in batch Sufficient messages from many senders ? Recode *) Reorder
Output Message Mi+1 to Mixi+1
Message DB
*) decrypts Mi = EKi[Ai+1, ri, Mi+1] with the private key of Mixi, ignores random number ri,
Prevents timing correlations
Input Message Mi
Ignore repeated messages Buffering messages in batch Sufficient messages from many senders ? Recode *) Reorder
Output Message Mi+1 to Mixi+1
Message DB
*) decrypts Mi = EKi[Ai+1, ri, Mi+1] with the private key of Mixi, ignores random number ri,
Prevents content correlations
If no random number ri is used :
Mixi
E Ki(M, Ai+1 ) M E Ki (M, Ai+1)
= ?
Mixi+1
Address(Mixi+1) = Ai+1
Mixi
E Ki(M, Ai+1 ) M
Mixi+1
ri
Sender (Alice) chooses Mix-Sequence Mix1, ….., Mixn, Mixn+1. Mixn+1 = recipient (Bob). Ai (i =1..n+1): address of Mixi ki (i=1..n+1): public key of Mixi zi: random bit strings M: message for recipient Mi: message that Mixi will receive Sender prepares her message: Mn+1 = EKn+1 (M) Mi = Eki (zi, Ai+1, Mi+1) for i=1…n and sends M1 to Mix1
Mix1 Mix2 Mix3
Each Mixi decrypts: Eki(zi, Ai+1, Mi+1) -> Ai+1: address of next Mix Mi+1: Eki+1(zi+1, Ai+2, Mi+2), encoded message for Mixi+1, zi: random string, to be discarded and forwards Mi+1 to Mixi+1
Sender (Alice)
Ek1(z1, A2, M2)
Ekn+1(M) Recipient (Bob)
Mix1 Mix2 Mixm Recipient Bob chooses Mix-Sequence Mix1, ….., Mixm. Mix0 = Sender Alice. and creates anonymous return address RA: Rm+1 = e Rj = Ekj(cj, Aj+1, Rj+1) for j=1..m RA = (c0, A1, R1) e : label of return address cj: symmetric key, used by Mixj to encode message on the return path Aj (j =0..m): address of Mixj kj (j=1..m): public key of Mixj zj: random bit strings Recipient Bob sends RA anonymously to Sender Alice:
Ekm(zm, Am-1,Ekm-1(…Ek1(z1,A0,RA)..))
RA
Bob Sender Alice
Mix1 Mix2 Mix3 Sender Alice replies (without knowing recipient Bob):
Each Mixj receives: cj-1(…c0(M)..), Rj, decrypts: Rj = Ekj(cj, Aj+1, Rj+1) -> (cj, Aj+1, Rj+1), forwards: cj(cj-1(…c0(M)…)), Rj+1 to Mixj+1 Label e indicates Bob which c0,..,cm he has to use to decrypt M
c0(M), R1
Recipient Bob cm(cm-1(…c0(M)…)),e Alice has received anonymous return address RA = (c0, A1, R1)
Protection properties:
Sender anonymity against recipients Recipient anonymity against senders Unlinkability of sender and recipient
Attacker may:
Observe all communication lines Send own messages Delay messages Operate Mix servers (all but one...)
Attacker cannot:
Break cryptographic operations Attack the user’s personal machine
(in case that there will be time left)
(for preventing message tracing by decreasing sizes)
Messages are sent through Mix sequence Mix1,…, Mixm. Each message has fixed length
Creation of return address: Rm+1 = [e] ( [ ] = block limits) Rj = [ kj (cj, Aj+1)], cj(Rj+1) j=1,..,m e: label , ci: symmetric keys, ki: public keys, di: private keys
Each Mixj decrypts first block kj(cj, Aj+1) -> cj, Aj+1, deletes first block, encrypts rest of Mj with cj, inserts Zj before message blocks, forwards Mj+1 to Mix j+1
Figure according to Pfitzmann
Recipient does not know symmetric keys c1,..,cm
create R1 Sender creates H1MC1 with (MC: message content) H1 = R1 MC1 = c1(c2…(cm(km+1(MC)))..) km+1: public key of recipient Each Mixi decrypts message blocks with ci
Sender does not know symmetric keys c1,..,cm Sender receives RA = (c0, A1, R1), encrypts MC with c0, and thus creates H1MC1 with H1 = R1 MC1 = c0(MC) Each Mixi encrypts message blocks with ci